Scanning your Conda environment for security vulnerabilities
You don’t want to deploy an application that has security vulnerabilities.
That means your own code, but also third-party dependencies: it doesn’t matter how secure your code is if it’s exposing a TLS socket with a version of OpenSSL that has a remote code execution vulnerability.
For pip-based Python applications, you’d usually run vulnerability scanners on Python dependencies like Django, and on system packages like OpenSSL.
With Conda, however, the situation is a little different: Conda combines both types of packages into one place.
In addition, most vulnerability scanners don’t support Conda.
Let’s see what makes Conda different, and how you can scan packages for known vulnerabilities.
The Conda difference
Typically for a Python application, C libraries like OpenSSL and applications like Nginx would come